From credit card skimming to technology bugs to massive outright hacks, 2018 was one of if not the worst year on record in terms of data breaches that hit companies and hurt consumers around the world.
According to NordVPN digital privacy expert Daniel Markuson, when you tally up all of the most significant and worst data breaches of the year, the result you arrive at is the stunning fact that we learned more than 1 billion peoples’ data was potentially compromised at some point in 2018. Markuson notes in a review of all the breaches that “The scope of these attacks shows that even the biggest corporations are vulnerable and are prone to errors.
“This means that it’s becoming more difficult to trust them as we never know when our data is going to end in the wrong hands. Unfortunately, we have little to no control over when the next company will be hacked, but we can take a few precautionary steps to protect our data.”
Those steps include providing companies with only the absolute minimum information they need about you. The less data they have about you, the less that can be stolen. Change your passwords. Also, use strong and unique passwords, and think twice before posting information on social media that can be used against you.
Of course, those are obvious steps that most people would probably admit they know. It’s actually putting them into practice that’s a whole other matter. And even then, there’s only so much you can control. As Exhibit A, here’s a rundown of the data breaches and compromises from 2018, per Daniel’s analysis:
British Airways — 380,000 accounts
Attackers got access to customer names, addresses, emails and payment data at the airline, which said that between August 21 and September 5 some 380,000 transactions were compromised on the airline’s website and app. According to Daniel’s rundown, “hackers found a loophole in BA’s booking page, injected malicious code and instantaneously sent customer data to their own server.”
Google+ — 500,000 accounts
Amazingly, a bug at Google’s failed social network went unnoticed for three years. Once the company found it, perhaps scared by what Facebook went through with Cambridge Analytica, they decided to keep quiet. In all, the bug gave third-party developers potential access to half a million accounts and tons of user data like birthdays and occupations. There’s no evidence developers actually misused any data, but Google took the opportunity to just shut the consumer side of Google+ down completely, for good.
Tickey Fly (owned by Eventbrite) — 27 million accounts
As Daniel notes, this event ticketing website got hacked by a cybercrook by the name of IsHaKdZ “who stole the data from 27 million accounts.” The Washington Post confirmed the data stolen was authentic and also spoke with the hacker, who replaced the company’s homepage with an image from the movie V for Vendetta.
Uber — 57 million users
The ride-sharing company disclosed that hackers stole the data of 57 million customers and drivers. They got data including names and phone numbers of 50 million Uber riders around the world as well as personal information of some 7 million drivers. Not only that, Uber paid off the attackers in an attempt to get them to delete the data they stole.
Facebook — 147 million accounts
It started with 50 million users back in March. The disclosure that British political consulting firm Cambridge Analytica got inappropriate access to millions of Facebook user accounts set the social networking up for a terrible year for the duration of 2018. Not only did Cambridge Analytica use information it acquired to help elect Donald Trump, but a subsequent Facebook bug exposed the data of another 90 million users in September and then another 7 million in December.
MyHeritage — 92 million users
MyHeritage, which tests your DNA to give you information about your family tree, inadvertently leaked email addresses and passwords of more than 92 million users in a mishap spotted in June.
Quora — 100 million users
A hack of the question-and-answer website Quora put details related to 100 million users at risk. Quora acknowledged that ‘a malicious third party’ accessed sensitive information in the company’s database.
Firebase — 100 million users
Google-owned development platform Firebase leaked data associated with more than 100 million users, according to Daniel’s rundown. “The platform might not be well known to everyone, but it’s widely used by mobile developers,” he notes. “Appthority researchers scanned 2.7 million iOS and Android apps that connect to and store their data on Firebase. They found that over 3,000 of those apps were connected to a misconfigured database that could be accessed by anyone.”
My Fitness Pal — 150 million users
The food and nutrition app My Fitness Pal disclosed early in 2018 that it had leaked the data of 150 million users. Hackers got usernames, email addresses and passwords. But once the company found out about this, they were super-fast in notifying users, which happened just four days later.
Twitter — 330 million users
Twitter, which isn’t usually in the news for this kind of thing (at least anytime recently before this), acknowledged this year that a security bug had exposed the passwords of some 330 million users.
Marriott — 383 million users
Marriott, at first, seemed poised to take the dubious honor of being the cause of the biggest data breach of the year. The hotel chain initially said that the data of about half a billion users had been exposed when hackers broke into its booking system and got their hands on customer data going back four years. However, Marriott today revised that number down to about 383 million users who likely had their names, addresses, phone numbers, card numbers and more end up in hackers’ hands. Making this worse — it doesn’t appear the data here was used for financial gain, making it seem likely this was a state-sponsored attack.